Customers confronted with unexplainable red statusses and installation/update issues were helped by this:
select * FROM windows_security_products
WHERE name is not 'Windows Firewall'
and name is not 'Microsoft Defender Antivirus'
and name is not 'Sophos Anti-Virus'
Which produced a list of machines running conflicting anti-virus software, so that the IT department could do their magic on them.
In some cases (I have seen Polish and Chinese names for the Firewall and Defender entries), you'd need to add those names, eg.
and name is not 'Windows 防火墙'
and name is not 'Windows Defender 防病毒'
and name is not 'Zapora systemu Windows'
and name is not 'Program antywirusowy Windows Defender'
I'm sure there are prettier ways of doing this, I'm not a SQL specialist.